T-H. Hubert Chan, E. Shi, Wei-Kai Lin, Kartik Nayak
{"title":"完全遗忘(平行)RAM重新访问和改进结构","authors":"T-H. Hubert Chan, E. Shi, Wei-Kai Lin, Kartik Nayak","doi":"10.4230/LIPIcs.ITC.2021.8","DOIUrl":null,"url":null,"abstract":"Oblivious RAM (ORAM) is a technique for compiling any RAM program to an oblivious counterpart, i.e., one whose access patterns do not leak information about the secret inputs. Similarly, Oblivious Parallel RAM (OPRAM) compiles a parallel RAM program to an oblivious counterpart. In this paper, we care about ORAM/OPRAM with perfect security, i.e., the access patterns must be identically distributed no matter what the program’s memory request sequence is. In the past, two types of perfect ORAMs/OPRAMs have been considered: constructions whose performance bounds hold in expectation (but may occasionally run more slowly); and constructions whose performance bounds hold deterministically (even though the algorithms themselves are randomized). In this paper, we revisit the performance metrics for perfect ORAM/OPRAM, and show novel constructions that achieve asymptotical improvements for all performance metrics. Our first result is a new perfectly secure OPRAM scheme with O(logN/ log logN) expected overhead. In comparison, prior literature has been stuck at O(logN) for more than a decade. Next, we show how to construct a perfect ORAM with O(logN/ log logN) deterministic simulation overhead. We further show how to make the scheme parallel, resulting in an perfect OPRAM with O(logN/ log logN) deterministic simulation overhead. For perfect ORAMs/OPRAMs with deterministic performance bounds, our results achieve subexponential improvement over the state-of-the-art. Specifically, the best known prior scheme incurs more than √ N deterministic simulation overhead (Raskin and Simkin, Asiacrypt’19); moreover, their scheme works only for the sequential setting and is not amenable to parallelization. Finally, we additionally consider perfect ORAMs/OPRAMs whose performance bounds hold with high probability. For this new performance metric, we show new constructions whose simulation overhead is upper bounded by O(log / log logN) except with negligible in N probability, i.e., we prove high-probability performance bounds that match the expected bounds mentioned earlier. Author ordering is randomized. T-H. Hubert Chan was partially supported by the Hong Kong RGC under the grants 17200418 and 17201220. Elaine Shi was partially supported by NSF CNS-1601879, an ONR YIP award, and a Packard Fellowship. Wei-Kai Lin was supported by a DARPA Brandeis award. Kartik Nayak was partially supported by NSF Award 2016393.","PeriodicalId":6403,"journal":{"name":"2007 IEEE International Test Conference","volume":"79 1","pages":"8:1-8:23"},"PeriodicalIF":0.0000,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Perfectly Oblivious (Parallel) RAM Revisited, and Improved Constructions\",\"authors\":\"T-H. Hubert Chan, E. Shi, Wei-Kai Lin, Kartik Nayak\",\"doi\":\"10.4230/LIPIcs.ITC.2021.8\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Oblivious RAM (ORAM) is a technique for compiling any RAM program to an oblivious counterpart, i.e., one whose access patterns do not leak information about the secret inputs. Similarly, Oblivious Parallel RAM (OPRAM) compiles a parallel RAM program to an oblivious counterpart. In this paper, we care about ORAM/OPRAM with perfect security, i.e., the access patterns must be identically distributed no matter what the program’s memory request sequence is. In the past, two types of perfect ORAMs/OPRAMs have been considered: constructions whose performance bounds hold in expectation (but may occasionally run more slowly); and constructions whose performance bounds hold deterministically (even though the algorithms themselves are randomized). In this paper, we revisit the performance metrics for perfect ORAM/OPRAM, and show novel constructions that achieve asymptotical improvements for all performance metrics. Our first result is a new perfectly secure OPRAM scheme with O(logN/ log logN) expected overhead. In comparison, prior literature has been stuck at O(logN) for more than a decade. Next, we show how to construct a perfect ORAM with O(logN/ log logN) deterministic simulation overhead. We further show how to make the scheme parallel, resulting in an perfect OPRAM with O(logN/ log logN) deterministic simulation overhead. For perfect ORAMs/OPRAMs with deterministic performance bounds, our results achieve subexponential improvement over the state-of-the-art. Specifically, the best known prior scheme incurs more than √ N deterministic simulation overhead (Raskin and Simkin, Asiacrypt’19); moreover, their scheme works only for the sequential setting and is not amenable to parallelization. Finally, we additionally consider perfect ORAMs/OPRAMs whose performance bounds hold with high probability. For this new performance metric, we show new constructions whose simulation overhead is upper bounded by O(log / log logN) except with negligible in N probability, i.e., we prove high-probability performance bounds that match the expected bounds mentioned earlier. Author ordering is randomized. T-H. Hubert Chan was partially supported by the Hong Kong RGC under the grants 17200418 and 17201220. Elaine Shi was partially supported by NSF CNS-1601879, an ONR YIP award, and a Packard Fellowship. Wei-Kai Lin was supported by a DARPA Brandeis award. Kartik Nayak was partially supported by NSF Award 2016393.\",\"PeriodicalId\":6403,\"journal\":{\"name\":\"2007 IEEE International Test Conference\",\"volume\":\"79 1\",\"pages\":\"8:1-8:23\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2007 IEEE International Test Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4230/LIPIcs.ITC.2021.8\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 IEEE International Test Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4230/LIPIcs.ITC.2021.8","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Perfectly Oblivious (Parallel) RAM Revisited, and Improved Constructions
Oblivious RAM (ORAM) is a technique for compiling any RAM program to an oblivious counterpart, i.e., one whose access patterns do not leak information about the secret inputs. Similarly, Oblivious Parallel RAM (OPRAM) compiles a parallel RAM program to an oblivious counterpart. In this paper, we care about ORAM/OPRAM with perfect security, i.e., the access patterns must be identically distributed no matter what the program’s memory request sequence is. In the past, two types of perfect ORAMs/OPRAMs have been considered: constructions whose performance bounds hold in expectation (but may occasionally run more slowly); and constructions whose performance bounds hold deterministically (even though the algorithms themselves are randomized). In this paper, we revisit the performance metrics for perfect ORAM/OPRAM, and show novel constructions that achieve asymptotical improvements for all performance metrics. Our first result is a new perfectly secure OPRAM scheme with O(logN/ log logN) expected overhead. In comparison, prior literature has been stuck at O(logN) for more than a decade. Next, we show how to construct a perfect ORAM with O(logN/ log logN) deterministic simulation overhead. We further show how to make the scheme parallel, resulting in an perfect OPRAM with O(logN/ log logN) deterministic simulation overhead. For perfect ORAMs/OPRAMs with deterministic performance bounds, our results achieve subexponential improvement over the state-of-the-art. Specifically, the best known prior scheme incurs more than √ N deterministic simulation overhead (Raskin and Simkin, Asiacrypt’19); moreover, their scheme works only for the sequential setting and is not amenable to parallelization. Finally, we additionally consider perfect ORAMs/OPRAMs whose performance bounds hold with high probability. For this new performance metric, we show new constructions whose simulation overhead is upper bounded by O(log / log logN) except with negligible in N probability, i.e., we prove high-probability performance bounds that match the expected bounds mentioned earlier. Author ordering is randomized. T-H. Hubert Chan was partially supported by the Hong Kong RGC under the grants 17200418 and 17201220. Elaine Shi was partially supported by NSF CNS-1601879, an ONR YIP award, and a Packard Fellowship. Wei-Kai Lin was supported by a DARPA Brandeis award. Kartik Nayak was partially supported by NSF Award 2016393.